Windows 10: Subtitles can be use to hack computers and media players


  1. Posts : 8,932
    Windows 10 (Pro and Insider Pro)
       24 May 2017 #1

    Subtitles can be use to hack computers and media players


    New kind of threat have been found by Check Point researchers. Media players (standalone and on computers), including popular ones like VLC, KODI and smart TVs, can be hacked by malicious subtitles.

    Developers are already updating their applications with patches, but to update smart devices and media boxes will take some time, if ever.

    Read more on blog.checkpoint.com | hacked-in-translation or your favorite news page.
      My ComputerSystem Spec


  2. Posts : 8
    Windows 10 Home
       25 May 2017 #2

    just use a sandbox soft to isolate your medias/internet-facing apps and you wont have to worry about those attacks.
      My ComputerSystem Spec

  3.    25 May 2017 #3

    VLC released an update yesterday 2.2.6.
      My ComputersSystem Spec


  4. Posts : 8,932
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       25 May 2017 #4

    Umbra said: View Post
    just use a sandbox soft to isolate your medias/internet-facing apps and you wont have to worry about those attacks.
    Do that with your TV
      My ComputerSystem Spec


  5. Posts : 8
    Windows 10 Home
       25 May 2017 #5

    AndreTen said: View Post
    Do that with your TV
    My TV isn't smart enough to allow subtitles
      My ComputerSystem Spec


  6. Posts : 8,932
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       25 May 2017 #6

    Umbra said: View Post
    My TV isn't smart enough to allow subtitles
    Neither is mine, but there are many that are And they are in home networks, and ideal entry to hack other computers...
      My ComputerSystem Spec

  7.    25 May 2017 #7

    AndreTen said: View Post
    New kind of threat have been found by Check Point researchers. Media players (standalone and on computers), including popular ones like VLC, KODI and smart TVs, can be hacked by malicious subtitles.

    Developers are already updating their applications with patches, but to update smart devices and media boxes will take some time, if ever.

    Read more on blog.checkpoint.com | hacked-in-translation or your favorite news page.
    AndreTen said: View Post
    Neither is mine, but there are many that are And they are in home networks, and ideal entry to hack other computers...
    Thanks for this warning Andre. I understand KODI have released an update to take care of this. Now to find the list of all the Fire devices that need updating......
      My ComputerSystem Spec


  8. Posts : 8,932
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       25 May 2017 #8

    simrick said: View Post
    Thanks for this warning Andre. I understand KODI have released an update to take care of this. Now to find the list of all the Fire devices that need updating......
    I think that danger to English speaking population is far less serious than others. Key to prevent possible attack is not to have automatic subtitles loading enabled.

    Beside non-major language users, like me in Slovenia, who are using subtitles on daily basis, there are also users with hearing problems, which are using auto-loading subtitles for all the visual material. This population should be careful, till developers update applications.
      My ComputerSystem Spec

  9.    29 May 2017 #9

    Hi there

    a lot of this is rather "academic" -- especially if you run things like KODI on a firetv / firestick - there's nothing to hack on to that type of box way - although it's got an OS it's a passive type device with no meaningful data that is of any use to a hacker in any case.

    Kodi and VLC regularly update their software and fixes already in the system.

    For downloading subtitles - just ensure you only use recognized sites for subtitles - and ideally if they are of type .SRT they are readable text so should be OK. Go for .SRT type subtitles rather than the other sorts which could possibly contain executables.

    I always use a fire stick / firetv box for watching multi-media but if you do use a phone / computer then your A/V system should protect you against this type of problem. ALWAYS though install the security updates when VLC / KODI issue new releases.

    Tip for non English speaking users or users who want other languages.

    Download the English subtitle (the .SRT file) as there's usually an English version available even when no other languages are.
    Now simply use any of the online translation services (FREE) and you've got the subtitle in your own language. Fix / modify as required.

    Note both KODI and VLC have "offset adjustments" to get subtitle in sync with the lips - kodi is easy as you can do it in real time while watching the movie.

    Usually subtitles from opensubtitles.org or subscene.com are fine - use the appropriate frame rate and those with the 5 ***** rating usually work. AVOID THOUGH ANY RE-DIRECTS or other download buttons --ensure you actually download the subtitle and not something like driver manager etc etc.

    Cheers
    jimbo
      My ComputerSystem Spec

  10.    30 May 2017 #10

    jimbo45 said: View Post
    Hi there

    a lot of this is rather "academic" -- especially if you run things like KODI on a firetv / firestick - there's nothing to hack on to that type of box way - although it's got an OS it's a passive type device with no meaningful data that is of any use to a hacker in any case.

    Kodi and VLC regularly update their software and fixes already in the system.
    Actually, I'm thinking that hacking Fire devices could be used the same like IoT (smart-home) devices - DDoS attacks.
      My ComputerSystem Spec


 

Related Threads
I have several Win10 computers on a "WORKGROUP" network. Network location is set to private on all machines with network discovery and file and printer sharing activated. Two computers are listed as workgroup computers and two as media devices. ...
Just recently (I think there was an update) there stopped being an option to set a media file type (AVI, WAV, etc)) to open with a certain media player. If I right clicked on a video and selected "open with" I would get a list of my players and an...
After battling a shitload of infections from my PC my windows media player no longer works. I get this error: "Windows Media Player encountered a problem while playing the file." When I try to open an mp3 with Music Mode I get this error: "Error...
Hi, I have a friends computer that was recently installed windows 10 April update in English, for some reason the media players (WMP, VLC) are displaying most Hebrew characters as Gibberish, why? and how could i fix it? What i already tried:...
I know I can download codecs for this (which I have) or just use VLC, but how do you get Windows Media Player to show the subtitles of mkv files? Doing a right click and turning on Subtitles does nothing. Does anyone know how to fix this? If you...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 16:20.
Find Us